Intrusion Response as a Resource Allocation Problem

Michael Bloem, Tansu Alpcan, Tamer Basar
2006 Proceedings of the 45th IEEE Conference on Decision and Control  
We study intrusion response in access control systems as a resource allocation problem, and address it within a decision and control framework. By modeling the interaction between malicious attacker(s) and the intrusion detection system (IDS) as a noncooperative non-zero sum game, we develop an algorithm for optimal allocation of the system administrator's time available for responding to attacks, which is treated as a scarce resource. This algorithm, referred to as the Automatic or
more » ... r Response (AOAR) algorithm, applies neural network and LP optimization tools. Finally, we implement an IDS prototype in MATLAB based on a game theoretical framework, and demonstrate its operation under various scenarios with and without the AOAR algorithm. Our approach and the theory developed are general and can be applied to a variety of IDSs and computer networks.
doi:10.1109/cdc.2006.376981 dblp:conf/cdc/BloemAB06 fatcat:6aqy77bu4jbbtf6oukfkwjf6gu